Cisco Cisco Firepower Management Center 4000
FireSIGHT System User Guide
Chapter 53 Updating System Software
Importing Rule Updates and Local Rule Files
You can search the import log for specific records or for all records matching the search criteria. You
may want to create customized searches and save them to reuse later.
Tip
You search the entire Rule Update Import Log database even when you initiate a search by clicking Search on the toolbar from the Rule Update Import Log detailed view with only the records for a single import file displayed. Make sure you set your time constraints to include all objects you want to include in the search. See for more information.
The search criteria you can use are described in the following table. Note that record searches are case-insensitive. For example, searching for RULE or rule yields the same results.
For more information on searching, including how to load and delete saved searches, see
To search the Rule Update Import Log:
Access: Admin/Intrusion Admin
Step 1 Select Analysis > Search.
The Search page appears.
Table 53-6 Rule Update Import Log Search Criteria

| Search Field | Description | Example |
|---|---|---|
| Time | Specify the date and time the record was generated. See for the syntax for entering time. | > 2006-01-15 13:30:00 returns all rule records imported after January 15, 2006 at 1:30 PM. |
| Name | Specify all or part of the content of the rule Message field. You can use an asterisk (*) as a wildcard character in this field. | *dhcp* returns all rule records with DHCP in the Message field. |
| Type | Specify the type of record, which can be rule update component, rule, or policy apply. Note that you can use the update search value to search for rules imported prior to Version 5.0.1. | update returns imported rule update components such as a rule pack or policy pack; rule returns rule updates, including new rules; policy apply returns a table row of information for rule updates where intrusion policies were automatically reapplied following the update. |
| Action | Specify an action for the object you want to view. See the table for a list of actions you can specify. | When the type is rule, new returns all rules imported for the first time on the appliance. |
| GID | Specify the generator ID for the rule. | 3 returns all shared object rules. |
| SID | Specify a signature ID or a range of SIDs for a rule. | 923 returns the record for the rule with the SID 923. |
| Rev | Specify the revision number for the rule. | 3 returns rules with the revision number 3. |
| Policy | Specify the default policy the rule is imported into. | All returns rules imported into all default policies. |
| Rule Update | Specify the Rule Update filename. | filename returns all records for the specified import file. |
| Details | Specify details on the imported object. | previously* returns the record for all rules that have changed. |